DETAILED ACTION

1. The Amendment, and remarks therein, received on 5/25/06 have been entered and 
carefully considered. 

2. The Amendment introduces new limitations into claims 2-5, 21, 24-25, 47 and 52-53,
cancels claims 6-8, 11-13, 15-20, 30-32, 40 and 44-46 and introduces new claims 
56-73. 

The newly introduced limitation has required a new search and consideration of the 
pending claims. The new search has resulted in newly discovered prior art. New 
grounds of rejection based on the newly discovered prior art follow below. 

3. The text of those sections of Title 35, U.S. Code not included in this action can be 
found in a prior office action. 

Election/Restrictions 

Restriction to one of the following inventions is required under 35 U.S.C. 121: 

I. Claims 1-5, 8-10, 14, 21-29, 33-39, 41-43 and 47-55 drawn to a method 
and a system of generating of proxies based on an agreement between 
communicating parties, classified in class 705, subclass 1.

II. Claims 56-73 drawn to a secure switch communication method and 
system, classified in class 726, subclass 11.

Inventions (I) a method and a system of generating of proxies based on an
agreement between communicating parties and (II) a secure switch communication
method and system are related as subcombinations disclosed as usable together in a single
combination.

The subcombinations are distinct from each other if they are shown to be separately
usable. In the instant case, invention (II), drawn to a secure switch communication
method and system, classified in class 726, subclass 11, does not require the agreement
between two communicating parties that is used in creating of proxies, and invention (I),
drawn to a method and a system of generating of proxies based on an agreement between
communicating parties, classified in class 705, subclass 1, does not require a secure
switch with a profile specifying parameters of communications.

Since applicant has received an action on the merits for the originally presented 
invention, this invention has been constructively elected by original presentation for 
prosecution on the merits. Accordingly, claims 56-73 are withdrawn from 
consideration as being directed to a non-elected invention. See 37 CFR 1.142(b) 
and MPEP § 821.03.

Applicant is reminded that upon the cancellation of claims to a non-elected 
invention, the inventorship must be amended in compliance with 37 CFR 1.48(b) if one 
or more of the currently named inventors is no longer an inventor of at least one claim 
remaining in the application. Any amendment of inventorship must be accompanied by 
a request under 37 CFR 1.48(b) and by the fee required under 37 CFR 1.17(i).

Response to Amendment

4. Applicant's arguments have been carefully considered but they were not found 
persuasive. 

5. As per claims 1, 14, 26, 41 and 55, applicant argues that Dan and Epsteine fail to
disclose: "determining whether the data violates the agreement". To validate the
argument applicant suggests that Dan describes an automatic generation of code
used to implement a service contract - not determining whether data violates the
agreement - and that Epsteine provides no disclosure of disallowing communication of
the data from when the data violates the agreement.

6. Applicant's arguments have been carefully considered but they were not found 
persuasive. 

In addition to generating a plurality of virtual private proxies based on an agreement 
between a first entity and a second entity (col. 5. lines 49-63 and col. 6 lines 11-25) 
Dan explicitly discloses determining whether the data violates the agreement (col. 6 
lines 25-47). 

Col. 6 lines 25-47 refer to generated enforcement code components that execute
as the client and server contract enforcer components. These two components
execute so that the rules of interaction specified in the service contract are
enforced by each of the parties to ensure that the other parties abide by those rules.
This clearly reads on "determining whether the data violates the agreement".
Col. 7 line 52 - col. 8 line 57 are even more explicit, spelling out that the contract
enforcement code determines, based on the incorporated rules of interaction,
whether a request (or message, or document) is acceptable from the specific
requester as per the rules of interaction. If the request is determined to be
acceptable, the contract enforcement code causes providing this service, and if it is
not acceptable, the rejection occurs.

7. As per claims 3, 4, 5, 8 and 9, applicant challenges the motivation to combine the art
of record used in rejection of these claims. 

Applicant's arguments have been carefully considered but they were not found 
persuasive. 

The examiner reminds applicant that so long as only knowledge, which was within 
the level of ordinary skill at the time the claimed invention was made, is taken into 
account, and does not include knowledge gleaned only from the applicant's 
disclosure, the motivation is proper. See In re McLaughlin, 443 F.2d 1392, 170 
USPQ 209 (CCPA 1971). The need for prompt actions in order to ensure network 
security and secure data communication is appreciated, old and well known in the 
art of network administration, as it is also visible in the cited reference (Ashdown, 
col. 1 lines 23-28 and col. 2 lines 58-60 for example). 

8. Applicant also argues new claims 56-73. The limitations of these claims are 
addressed in this Office Action. 

9. Lastly, applicant challenges Official Notice but provides no support that transport
security protocols (e.g. IPSec, PPTP, L2TP etc.) as well as XML data, are not
well-known and utilized in data communication between entities. The examiner refers
applicant to any fundamental data security reference, such as "Security in
computing" (Charles P. Pfleeger, "Security in computing", 2nd edition, 1996, ISBN:
0133374866) or to any RFC dealing with the subject, e.g. RFC 2401.



10. Claims 1-5, 8-10, 14, 21-29, 33-39, 41-43 and 47-55 have been examined. 



Claim Rejections - 35 USC § 103 

11. Claims 1-4, 14, 24-26, 28-29, 37, 41, 43, 52-54 are rejected under 35 U.S.C. 103(a) 
unpatentable over Dan et al. (U.S. Patent No. 6148290), hereinafter '290 in view of 
Epsteine et al. (U.S. Patent No. 6684329), hereinafter '329. 

As per claim 1, '290 teach generating a plurality of virtual private proxies based on
an agreement between a first entity and a second entity and associating a first virtual
private proxy associated with the first entity and a second virtual private proxy
associated with the second entity ('290, col. 5. lines 49-63 and col. 6 lines 11-25).
'290 teach monitoring data received at the first virtual private proxy from the first
entity, determining whether the data violates the agreement ('290, col. 6 lines 25-47).

12. '290 do not explicitly teach disallowing communication of the data from the first
virtual private proxy to the second virtual private proxy when data
violation is detected.

'329 teach that data is monitored to determine any violation and disallows
communication of the data from the first virtual private proxy to the second virtual
private proxy when data violation is detected ('329, col. 8 line 56 - col. 9
line 23).

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to disallow communication between proxies when the data violation is 
detected as taught by '329. One of ordinary skill in the art would have been 
motivated to perform such a modification in order to allow only traffic conforming to a 
predetermined security policy. 

13. Claims 14, 26 and 41 are substantially equivalent to claim 1; therefore claims 14, 26 
and 41 are similarly rejected. 

14. As per claim 29, the examiner considers the second entity as a secure switch; thus
the first virtual private proxy comprises a logical representation of a logical access 
point between the first entity and a secure switch. In order to activate the logical 
access point the logical access point must be accessed and software accesses 
entities such as access point using a logical representation of the entity; thus the first 
virtual private proxy must comprise a logical representation of a logical access point. 
Also, the first virtual private proxy that comprises a logical representation of a logical 
access point is connected with the secure switch and through physical means such 
as communication line 532 that in networks discussed by '290 (Background of the 
invention) are implemented by physical lines. In other words, the logical
representation of the logical access point between the first virtual private proxy and 
the secure switch is implemented by a physical access (means) point between the 
first entity and the secure switch.

15. As per claims 2-4, 24-25, 52-53, '290 and '329 do not explicitly teach determining
that the data includes a security violation such as a virus, malicious program or an 
intrusion attempt and prohibiting this type of data. 

Official Notice is taken that it is old and well-known practice to determine whether 
the data includes a security violation such as a virus, malicious program or an 
intrusion attempt and prohibiting this type of data. It would have been obvious to 
one of ordinary skill in the art at the time of applicant's invention to determine 
whether the data includes a security violation such as a virus, malicious program or 
an intrusion attempt and prohibiting this type of data. One of ordinary skill in the art 
would have been motivated to perform such a modification in order to prevent 
security problems such as attack, loss of data etc. 

16. Although in the rejection above the examiner considered that the second entity
comprising the second virtual private proxies reads on a secure switch, employing
an independent third party that ensures unbiased security transactions is old and well
known in the computer arts. Thus, implementing the first and the second virtual
proxy on an additional secure switch rather than on the first and second entity would
be an obvious modification of the '290 invention given the benefit of unbiased execution of
agreement rules by an independent party (a secure switch).

17. Claims 5 and 47 are rejected under 35 U.S.C. 103(a) unpatentable over Dan et al. 
(U.S. Patent No. 6148290), hereinafter '290 in view of Epsteine et al. (U.S. Patent 
No. 6684329), hereinafter '329 and further in view of Reed et al. (U.S. Patent 
6266704).

'290 in view of '329 disclose the first and the second virtual private proxy as
discussed above. 

18. '290 in view of '329 do not teach hiding the existence of objects, in particular at least 
one of the first virtual private proxy or the second virtual private proxy. 

19. Reed et al. teaches hiding objects and it would have been obvious to one of ordinary 
skill in the art at the time of applicant's invention to hide objects such as the first 
virtual private proxy and the second virtual private proxy. One of ordinary skill in the 
art would have been motivated to hide objects such as the first virtual private proxy 
and the second virtual private proxy in order to prevent eavesdropping (Reed et al.,
Abstract). 

20. Claims 5 and 47 are rejected under 35 U.S.C. 103(a) unpatentable over Dan et al.
(U.S. Patent No. 6148290), hereinafter '290 in view of Epsteine et al. (U.S. Patent 
No. 6684329), hereinafter '329 and further in view of Pfleeger (Charles P. Pfleeger, 
"Security in computing", 2nd edition, 1996, ISBN: 0133374866). 

'290 in view of '329 disclose the first and the second virtual private proxy as 
discussed above. 

21. '290 in view of '329 do not teach hiding the existence of objects, in particular at least
one of the first virtual private proxy or the second virtual private proxy. 

22. Pfleeger teaches hiding objects (need-to-know rule, e.g. pg. 271) and it would have 
been obvious to one of ordinary skill in the art at the time of applicant's invention to 
hide objects such as the first virtual private proxy and the second virtual private 
proxy given the benefit of increased security.

23. Claims 38-39 and 53 are rejected under 35 U.S.C. 103(a) unpatentable over Dan et
al. (U.S. Patent No. 6148290), hereinafter '290, in view of Epsteine et al. (U.S. 
Patent No. 6684329), hereinafter '329 and further in view of Ashdown et al. (U.S. 
Patent No. 6308276), hereinafter '276. 

'290 teach logging violations ('290, col. 6 lines 48-56) and '329 teach alarms and 
reporting that is associated with data filtering ('329, col. 10 lines 32-65). 

24. As per claims 38-39 and 53, '290 and '329 do not explicitly teach generating an alarm
based on the violation, discarding the data that violates the agreement and
communicating the alarm to a system administrator.

'276 teach (in addition to logging the violation) discarding the data that violates the 
agreement and alarms reported to a system administrator ('276, col. 1 lines 29-45, 
col. 3 lines 1-6, Fig. 7, col. 9 lines 12-42, col. 11 lines 63-67). 
It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to implement logging the violation, discarding the data that violates the 
agreement and alarms reported to a system administrator as taught by Ashdown et 
al. One of ordinary skill in the art would have been motivated to perform such a 
modification in order to completely control the data flow. 

25. Claims 8-10, 21-23, 27, 33-36, 42, and 55 are rejected under 35 U.S.C. 103(a) 
unpatentable over Dan et al. (U.S. Patent No. 6148290), hereinafter '290 in view of 
Epsteine et al. (U.S. Patent No. 6684329), hereinafter '329 and further in view of 
Dan et al. (U.S. Pub. 20020178103) hereinafter '103.

26. '290 and '329 teach data exchange between entities utilizing the virtual private
proxies, wherein data is filtered based on the agreement as discussed above. 

27. As per claims 8, 10, 21, 23, 27, 33-36, 42, 55, '290 and '329 do not explicitly teach
that the entity comprises a business, do not teach generating the agreement based on
two profiles that are associated with the communicating entities and that are used to
generate the agreement, and do not teach that profiles comprise name and contact
information, a transport protocol and messaging protocol and process specification
document [32 and 35].

28. '103 teach two business entities [1] with profiles comprising name and contact
information generating an agreement based on two profiles associated with the 
communicating entities [38], the profiles comprising name and contact information 
[35] and messaging protocol [33]. 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to use business profiles to generate an agreement as taught by '103. One 
of ordinary skill in the art would have been motivated to perform such a modification 
in order to easily negotiate a contract based on the advertised businesses capability.

29. As per claims 9, 22, '290, '329 and '103 do not teach that the profiles comprise a
transport security protocol and that the data allowed comprise XML data.

Official Notice is taken that transport security protocols (e.g. IPSec, PPTP, L2TP
etc.) as well as XML data are well-known and utilized in data communication
between entities. Utilizing these protocols is an obvious variation that is well known
in the art. One would have been motivated to include these protocols in profiles and
include XML data in allowed data especially in light of the benefits of these protocols
and data as evidenced by their commercial success.

30. Claims 48-51 are rejected under 35 U.S.C. 103(a) unpatentable over Dan et al. (U.S. 
Patent No. 6148290), hereinafter '290 in view of Epsteine et al. (U.S. Patent No. 
6684329), hereinafter '329 and Pfleeger (Charles P. Pfleeger, "Security in 
computing", 2nd edition, 1996, ISBN: 0133374866) and further in view of Dan et al. 
(U.S. Pub. 20020178103) hereinafter '103. 

Claims 48-51 introduce substantially equivalent limitations to limitations of claims 33- 
36; therefore claims 48-51 are similarly rejected. 

31. Claims 48-51 are rejected under 35 U.S.C. 103(a) unpatentable over Dan et al. (U.S. 
Patent No. 6148290), hereinafter '290 in view of Epsteine et al. (U.S. Patent No. 
6684329), hereinafter '329 and Reed et al. (U.S. Patent 6266704) and further in view 
of Dan et al. (U.S. Pub. 20020178103) hereinafter '103. 

Claims 48-51 introduce substantially equivalent limitations to limitations of claims 33- 
36; therefore claims 48-51 are similarly rejected. 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Peter Poltorak whose telephone number is (571) 272- 
3840. The examiner can normally be reached Monday through Thursday from 9:00 
a.m. to 4:00 p.m. and alternate Fridays from 9:00 a.m. to 3:30 p.m.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jacques Louis Jacques can be reached on (571) 272-6962. The fax phone 
number for the organization where this application or proceeding is assigned is (571) 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free).





